That is expected given the logout does not currently revoke any self-contained token that was already issued; by self-contained token I mostly mean a JWT (ID token or access token). The most widespread practice is that these tokens are valid until the expiration date with which they were issued meaning that you need to be conscious about the lifetime you configure for those tokens.

ID tokens are always JWT’s by specification requirement and currently any access token issued to an API you configure in the APIs section is also a JWT although in the future other formats may be supported (including reference tokens). In addition, have in mind that even for reference tokens revocation is not mandatory so the fact that a reference token is used does not imply it’s possible to revoke them. I initially phrased my answer like that because revocation when supported is more frequently associated with reference tokens.